using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using JGSY.CMS.LowCode.Platform.Application.Interfaces;
using JGSY.CMS.LowCode.Platform.Application.DTOs;

namespace JGSY.CMS.LowCode.Platform.Controllers
{
    /// <summary>
    /// 安全管理接口。
    /// 提供系统安全设置、安全策略配置、安全事件处理等相关功能的 API。
    /// </summary>
    [ApiController]
    [Route("api/security")]
    public class SecurityController : ControllerBase
    {
        /// <summary>
        /// 安全应用服务接口
        /// </summary>
        private readonly ISecurityAppService _service;
        
        /// <summary>
        /// 构造函数，注入安全服务
        /// </summary>
        /// <param name="service">安全应用服务接口</param>
        public SecurityController(ISecurityAppService service)
        {
            _service = service;
        }

        /// <summary>
        /// 获取系统安全指标
        /// </summary>
        /// <returns>安全指标数据</returns>
        [Authorize(Roles = "Admin")]
        [HttpGet("metrics")]
        public async Task<IActionResult> GetMetrics()
            => Ok(await _service.GetMetricsAsync());

        /// <summary>
        /// 获取安全威胁信息
        /// </summary>
        /// <param name="severity">威胁严重程度筛选条件</param>
        /// <param name="page">页码，默认第1页</param>
        /// <param name="limit">每页数量限制，默认10条</param>
        /// <returns>威胁信息列表</returns>
        /// <remarks>
        /// <para>功能说明：</para>
        /// <list type="bullet">
        /// <item><description>获取系统检测到的安全威胁信息</description></item>
        /// <item><description>支持按严重程度筛选威胁类型</description></item>
        /// <item><description>提供分页查询避免数据量过大</description></item>
        /// <item><description>返回威胁详情和处理建议</description></item>
        /// </list>
        /// 
        /// <para>严重程度级别：</para>
        /// <list type="bullet">
        /// <item><description>Critical: 严重威胁，需立即处理</description></item>
        /// <item><description>High: 高危威胁，需优先处理</description></item>
        /// <item><description>Medium: 中等威胁，需关注</description></item>
        /// <item><description>Low: 低风险威胁，可延后处理</description></item>
        /// </list>
        /// </remarks>
        /// <response code="200">查询成功，返回威胁信息列表</response>
        /// <response code="401">未授权访问</response>
        /// <response code="403">权限不足，需要管理员权限</response>
        [Authorize(Roles = "Admin")]
        [HttpGet("threats")]
        public async Task<IActionResult> GetThreats(string severity, int page = 1, int limit = 10)
            => Ok(await _service.GetThreatsAsync(severity, page, limit));

        /// <summary>
        /// 获取地理位置登录记录
        /// </summary>
        /// <param name="days">查询天数，默认7天</param>
        /// <returns>地理位置登录记录</returns>
        /// <remarks>
        /// <para>功能说明：</para>
        /// <list type="bullet">
        /// <item><description>统计用户在不同地理位置的登录情况</description></item>
        /// <item><description>识别异常登录地点和可疑活动</description></item>
        /// <item><description>提供地理位置安全分析数据</description></item>
        /// <item><description>支持时间范围筛选</description></item>
        /// </list>
        /// 
        /// <para>返回数据包含：</para>
        /// <list type="bullet">
        /// <item><description>登录IP地址和地理位置信息</description></item>
        /// <item><description>登录时间和频次统计</description></item>
        /// <item><description>设备类型和浏览器信息</description></item>
        /// <item><description>安全风险评级</description></item>
        /// </list>
        /// </remarks>
        /// <response code="200">查询成功，返回地理登录记录</response>
        /// <response code="401">未授权访问</response>
        [Authorize]
        [HttpGet("geographic-logins")]
        public async Task<IActionResult> GetGeographicLogins(int days = 7)
            => Ok(await _service.GetGeographicLoginsAsync(days));

        /// <summary>
        /// 获取用户设备列表
        /// </summary>
        /// <returns>设备列表</returns>
        [Authorize]
        [HttpGet("devices")]
        public async Task<IActionResult> GetDevices()
            => Ok(await _service.GetDevicesAsync());

        /// <summary>
        /// 信任指定设备
        /// </summary>
        /// <param name="deviceId">设备ID</param>
        /// <returns>操作结果</returns>
        [Authorize]
        [HttpPost("devices/{deviceId}/trust")]
        public async Task<IActionResult> TrustDevice(long deviceId)
        {
            await _service.TrustDeviceAsync(deviceId);
            return Ok(new { success = true });
        }

        /// <summary>
        /// 移除指定设备
        /// </summary>
        /// <param name="deviceId">设备ID</param>
        /// <returns>操作结果</returns>
        [Authorize]
        [HttpDelete("devices/{deviceId}")]
        public async Task<IActionResult> RemoveDevice(long deviceId)
        {
            await _service.RemoveDeviceAsync(deviceId);
            return Ok(new { success = true });
        }

        /// <summary>
        /// 获取登录历史记录
        /// </summary>
        /// <param name="page">页码，默认第1页</param>
        /// <param name="limit">每页数量限制，默认10条</param>
        /// <param name="startDate">开始日期</param>
        /// <param name="endDate">结束日期</param>
        /// <returns>登录历史记录列表</returns>
        [Authorize]
        [HttpGet("login-history")]
        public async Task<IActionResult> GetLoginHistory(int page = 1, int limit = 10, string? startDate = null, string? endDate = null)
            => Ok(await _service.GetLoginHistoryAsync(page, limit, startDate, endDate));
    }
}
